Lucene search

K
cve[email protected]CVE-2004-1378
HistoryJan 19, 2005 - 5:00 a.m.

CVE-2004-1378

2005-01-1905:00:00
web.nvd.nist.gov
25
expat
xml parser
jabber
jadc2s
cve-2004-1378
denial of service
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.

Affected configurations

NVD
Node
jabberstudiojabberdMatch1.4
OR
jabberstudiojabberdMatch1.4.1
OR
jabberstudiojabberdMatch1.4.2
OR
jabberstudiojabberdMatch1.4.2a
OR
jabberstudiojabberdMatch1.4.3
OR
jabberstudiojadc2sMatch0.6
OR
jabberstudiojadc2sMatch0.7
OR
jabberstudiojadc2sMatch0.8
OR
jabberstudiojadc2sMatch0.9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%